Re: Rejecting weak passwords - Mailing list pgsql-hackers

From Kenneth Marshall
Subject Re: Rejecting weak passwords
Date
Msg-id 20091001140431.GJ6749@it.is.rice.edu
Whole thread Raw
In response to Re: Rejecting weak passwords  (Magnus Hagander <magnus@hagander.net>)
List pgsql-hackers
On Thu, Oct 01, 2009 at 03:54:37PM +0200, Magnus Hagander wrote:
> On Thu, Oct 1, 2009 at 15:26, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
> > Andrew Dunstan wrote:
> >>>> So here's the patch.
> >>>> I don't think there is documentation required;
> >>>> correct me if I am wrong.
> >>>
> >>> How will people know how to use it, or that it's even there without at
> >>> least a note in the docs somewhere?
> >>
> >> I'd prefer to have an example as a contrib module, as well as docs.
> >> Quite apart from anything else, how the heck would we test it without
> >> such a thing?
> >
> > I was not sure because no other hooks were documented anywhere else
> > than in the code.
> >
> > I could add a paragraph in the "auth-password" section of
> > client-auth.sgml. Or is there a better place?
> >
> > I could easily write a simple contrib that adds a check for
> > username = password if there is interest.
> 
> I think it's better to have an actually *useful* contrib module for
> it, if there is one. Meaning perhaps something that links to that
> cracklib thing mentioned upthread.
> 

+1 for a sample module that will allow cracklib to drop in.

Cheers,
Ken


pgsql-hackers by date:

Previous
From: Simon Riggs
Date:
Subject: Re: Hot Standby on git
Next
From: Aidan Van Dyk
Date:
Subject: Re: Rejecting weak passwords